CVE-2021-21985
Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
Vulnerability Description
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
Affected Platforms (CPE)
📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.5📦
Vmware
Vcenter Server
= 6.7📦
Vmware
Vcenter Server
= 6.7📦
Vmware
Vcenter Server
= 6.7📦
Vmware
Vcenter Server
= 6.7📦
Vmware
Vcenter Server
= 6.7📦
Vmware
Vcenter Server
= 6.7📦
Vmware
Vcenter Server
= 6.7📦
Vmware
Vcenter Server
= 6.7📦
Vmware
Vcenter Server
= 6.7📦
Vmware
Vcenter Server
= 6.7📦
Vmware
Vcenter Server
= 6.7📦
Vmware
Vcenter Server
= 6.7📦
Vmware
Vcenter Server
= 6.7📦
Vmware
Vcenter Server
= 6.7📦
Vmware
Vcenter Server
= 6.7📦
Vmware
Vcenter Server
= 6.7📦
Vmware
Vcenter Server
= 6.7📦
Vmware
Vcenter Server
= 7.0📦
Vmware
Vcenter Server
= 7.0📦
Vmware
Vcenter Server
= 7.0📦
Vmware
Vcenter Server
= 7.0📦
Vmware
Vcenter Server
= 7.0📦
Vmware
Vcenter Server
= 7.0📦
Vmware
Vcenter Server
= 7.0📦
Vmware
Vcenter Server
= 7.0📦
Vmware
Vcenter Server
= 7.0📦
Vmware
Vcenter Server
= 7.0📦
Vmware
Vcenter Server
= 7.0📦
Vmware
Cloud Foundation
>= 3.0 and < 3.10.2.1📦
Vmware